Better Together: How Data Loss Prevention Can Shed Light on Ediscovery and Internal Investigations

| May 11 2022

Some things that are great on their own turn out to be even better as half of a dynamic duo. We’re talking peanut butter and jelly. Burgers and fries. Hall and Oates. And now: data loss prevention (DLP) and ediscovery. 

Sure, DLP is critical by itself for helping you protect your company against the unauthorized leakage of sensitive information. And ediscovery techniques slice through the vast data your business generates to reveal the key facts that can determine the outcome of a litigation matter or an internal investigation. 

But when you combine DLP and ediscovery, you gain even deeper insights. Here’s how. 

How DLP Minimizes the Risks of Sharing Data

Companies trade enormous volumes of sensitive information when hiring employees, managing internal human resources, marketing to potential buyers, and serving customers. That sensitive data may include a wide variety of personally identifiable information (PII) or personal data, from names, Social Security numbers, customer IDs, and usernames to physical addresses, email addresses, IP addresses, phone numbers, and much more. 

Because these types of information are central to how businesses operate, they can crop up in various places: in emails, Slack messages, Jira tickets, Salesforce records, internal HR databases, or anywhere else that work gets done. 

Despite the apparent ubiquity of PII, companies should carefully protect these types of information from unauthorized disclosure. After all, why should customers trust a business to provide them with good service if they can’t even protect individuals’ basic information? Suffering a data breach or an information leak is embarrassing and costly, both reputational damage and actual monetary losses. 

As a result, companies have implemented sophisticated DLP measures to ensure that messages containing sensitive information don’t go to unauthorized recipients. DLP solutions use various means—often including artificial intelligence (AI) and machine learning—to recognize patterns that may indicate sensitive information and to intercept messages that include that information. DLP systems operate as pre-check screeners, filtering messages through a set of rules before approving those messages to be sent. If a message violates a DLP rule, the message is held, and a user (which may be the sender or an administrator) can take appropriate follow-up action. 

For all its benefits, there’s a clear limitation to DLP: it only applies to data in motion or being sent from User A to User B. That stands in contrast to ediscovery methods of evaluating information, which consider an entire corpus of static data and pinpoint the relevant facts found within that volume of data. 

But what if we could apply DLP methods to an existing set of messages?


Applying DLP to Slack Messages

Over the last couple of years, the team at Hanzo has been working on a project that combines aspects of machine learning with ediscovery and investigations. We’ve been training models to recognize two distinct types of misbehavior that may occur within Slack messages: inappropriate communications, including bullying, harassment, and discrimination, and leakage of sensitive information such as PII

These methods helped us to pinpoint concerning messages within a Slack workspace with a high degree of confidence, identifying the dates, channels, and users associated with potential misbehavior. For organizations with remote teams that stay in touch over Slack, this functionality could help them detect previously hidden malfeasance and weed out bad actors. 

So, why not use these same techniques to gain deeper insights into messages during ediscovery and internal investigations?


DLP and Ediscovery: Hanzo Spotlight Search

Now, Hanzo uses the same types of rule sets to detect inappropriate communications and sensitive information leakage across Slack datasets in ediscovery and internal investigations. As a result, we can ingest historical  information from Slack and pass it through our rule sets to rapidly and automatically enrich the resulting data. 

This new function, Hanzo Spotlight Search, is based on the behavior analysis capabilities we've built in-house and our new partnership with Nightfall, an AI company specializing in DLP. 

Our behavior analysis uses machine learning to detect a range of potential misbehaviors, including toxicity, identity-based attacks, insults, obscenity, sexually explicit language, and more. The technology will flag any messages that exceed a confidence threshold as potentially abusive messages that warrant a closer look. 

If, for example, a company receives a complaint that Manager Mike is mistreating his trainees, it can ingest his Slack messages into Hanzo Hold and run those messages through Hanzo Spotlight Search’s behavior filters. Any statements that exceed the threshold will be flagged with a behavior tag for individual review, enabling the investigation team to narrowly focus its efforts much more rapidly. 

For a classic DLP screen, Hanzo Spotlight Search uses Nightfall’s DLP rule sets and analyses to detect over 100 types of sensitive information, including bank routing numbers, credit cards, protected health information (PHI), secrets, passwords, and API keys. As with our behavior detection, the DLP screening ranks messages on a scale of potential violations, from “possible” to “highly likely.” 

So, if an organization believes that someone is skimming passwords, it can run a DLP check on its recent Slack messages to reveal that Secretary Sam is the culprit. Embedding this detection engine into search yields faster and more meaningful insights into when and where information is leaking—and who's behind it. 

In addition to providing a richer context for Slack messages within ediscovery matters and investigations, this enriched historic Slack data can also help organizations audit custodians, set information policies, or test the effects of new policies. 

To learn more, register for our upcoming webinar, Drive Data Intelligence with Collaborative Data, on May 24, 2022, at 1 pm EDT. We’ll have experts from both Hanzo and Nightfall explaining applications and use cases for this exciting new functionality. 

Register for the webinar, Drive Data Intelligence with Collaborative Data.

Register for Webinar





Related posts

Knowledge is Power: How Legal Operations Can Create Efficiency Through Intelligence

Knowledge is Power: How Legal...

Legal departments are facing higher competition and budget limitations, prompting them to seek ways to improve their ...

Read More >
Operational Excellence Through Management of Corporate Legal Departments

Operational Excellence...

The legal department of an organization is responsible for providing crucial legal support and advice to the company's ...

Read More >
Ediscovery Best Practices for Slack and MS Teams from Information Governance Through Litigation

Ediscovery Best Practices for...

Workplace collaboration tools like Slack and MS Teams have become ubiquitous in many organizations. However, they also ...

Read More >

Get in Touch to Learn More

Hanzo’s purpose-built, best-in-class solutions can help your readiness to respond to the next discovery request, investigation, or audit. Contact us to learn more.

Contact Us